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Claims 

1 . A method (400) for processing location information, which is related to a cer- 
tain mobile station in a cellular network, the method comprising the step of: 

- a first network element, which is connected to the cellular network, receiving 
5 (401) a location information request (201) relating to the mobile station from a sec- 
ond network element, which is connected to a packet data network, 

- requesting (404) from a third network element, which is connected to the packet 
data network, a security document relating to the second network element, 

- initiating the establishment (406) of at least one security association, which secu- 
10 rity association specifies at least data origin authentication and points from the sec- 
ond network element to the first network element and which establishment involves 
use of information comprised in the security document, 

- after successful establishment of said security association, authenticating (408) the 
data origin of the location service request, and 

15 - if the data origin of the location service request is authenticated successfully, initi- 
ating (410) a location procedure relating to the mobile station in the cellular net- 
work. 

2. A method according to claim 1, wherein the security document relating to the 
second network element is a public key certificate, which comprises an identifier 

20 specifying the second network element and a public key of the second network ele- 
ment and which is cryptographically signed by the third network element. 

3. A method according to claim 1 , further comprising the step of: 

- requesting from the third network element a second security document relating to 
the first network element. 

25 4. A method according to claim 3, wherein the security document comprises a 
first key, which is encrypted using a second key shared between the first network 
element and the third network element, and the second security document comprises 
the first key, which is encrypted using a third key shared between the second net- 
work element and the third network element. 

30 5. A method according to claim 3, further comprising the step of: 

- initiating the establishment of a second security association from the first network 
element to the second network element using at least information comprised in the 
second security document. 
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6 A method according to claim 5, wherein the security association is a set of 
Internet Security Associations pointing from the second network element to the first 
network element and the second security association is a second set of Internet Se- 
curity Associations pointing from the first network element to the second network 
5 element. 

7. A method according to claim 5, wherein the second security association speci- 
fies at least data encryption. 

8. A method according to claim 1, wherein the security association is a set of 
Internet Security Associations pointing from the second network element to the first 

10 network element. 

9. A method according to claim 1, further comprising the steps of: 

- a third network element, which is connected to the packet data network, producing 
(404) said security document, 

- establishing (406) at least one security association, which specifies at least data 
15 origin authentication and which points from the second network element to the first 

network element, using at least information comprised in the security document, and 

- after the establishment of said security association, authenticating (408) the data 
origin of the location service request, and 

- carrying out (701) a location procedure relating to the mobile station in the cellular 
20 network. 

10. A method according to claim 9, further comprising the step of: 

- transmitting (707, 713) location information relating to the mobile station to the 
second network element. 

11. A method according to claim 10, wherein the location information relating to 
25 the mobile station is transmitted to the second network element from the first net- 
work element. 

12. A method according to claim 1 1 , further comprising the steps of: 

- the third network element producing a second security document relating to the 
first network element, and 

30 - establishing a second security association, which specifies at least data encryption 
and points from the first network element to the second network element, using at 
least the information specified in the second security document. 

13. A method according to claim 10, further comprising the step of: 
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- before transmitting the location information to the second network element, estab- 
lishing (708) a third security association, which specifies at least data origin authen- 
tication and points from the second network element to a packet data device, which 
is either connected to the mobile station or is an integral part of the mobile station. 

5 14. A method according to claim 10, wherein the location information relating to 
the mobile station is transmitted from a device, which is either connected to the mo- 
bile station or is an integral part of the mobile station. 

15. A method according to claim 14, further comprising the step of: 

- before transmitting the location information to the second network element, estab- 
10 lishing (708) a third security association, which specifies at least data origin authen- 
tication and points from the second network element to a packet data device, which 
is either connected to the mobile station or an integral part of the mobile station. 

16. A method according to claim 15, further comprising the step of: 

- before transmission of location information, establishing (710) a fourth security 
15 association, which specifies at least data encryption and which points to the second 

network element from said packet data device. 

17. A method according to claim 14, further comprising the steps of: 

- the mobile station receiving (702) a notification relating to the location procedure 
relating to the mobile station, 

20 and 

- the mobile station informing (703) said packet data device about the notification. 

18. A method according to claim 1, wherein the first network element is a network 
element of a GPRS network. 

19. A method according to claim 18, wherein the first network element is a Gate- 
25 way Mobile Location Center. 

20. A method according to claim 1, wherein the first network element is a network 
element of a UMTS network. 

21. A network element (900) of a cellular network, the network element compris- 
ing 

30 - means (910) for receiving from a packet data network a location information re- 
quest relating to a certain mobile station, 

- means (920) for initiating a location procedure in the cellular network, 
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- means (930) for establishing security associations pointing to the network element 
from a network element of the packet data network, 

- means (93 1) for performing security functions as specified by the security associa- 
tions on data it receives from the packet data network, 

5 - means (932) which are arranged to determine, if there is an existing security asso- 
ciation pointing to the network element from a sender of a location information re- 
quest, and 

- means (933) for initiating security association establishment, which are arranged to 
establish a security association if there does not exist a security association, which 

10 points towards the network element from the sender of a location information re- 
quest. 

22. A network element according to claim 2 1 , further comprising 

- means (940) for receiving from a device reachable via the cellular network a re- 
quest about a security association, which points to the network element from a cer- 

15 tain network element of the packet data network, 

- means (932) for determining whether a requested security association exists, and 

- means (940) for transmitting information about the requested security association 
to the device. 

23. A network element according to claim 21 , further comprising 

20 - means (943) for receiving a request to produce security documents relating to the 
device and to the sender of a location information request, and 

- means (944) for producing a first security document relating to the device and a 
second security document relating to the sender of the location information request. 

24. A network element according to claim 21, wherein it is a network element of a 
25 GPRS network. 

25. A network element according to claim 24, wherein it is a Gateway Mobile Lo- 
cation Center. 

26. A network element according to claim 21, wherein it is a network element of a 
UMTS network. 

30 27. A packet data device (950) being an integral part of a mobile station or being 
attachable to a mobile station, comprising 

- means (960) for receiving information about a location information request and 
about a sender of a location information request from the mobile station and 

- means (970) for exchanging with a network element connected to a cellular net- 
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work information about a security association, which points to the network element 
from the sender of the location information request. 

28. A device according to claim 27, further comprising means (980) for establish- 
ing a second security association, which points to the device from the sender of the 

5 location information request and specifies at least data origin authentication. 

29. A device according to claim 28, further comprising means (980) for requesting 
a network element of the cellular network to produce security documents relating to 
the device and to the sender of the information request for the establishment of the 
second security association. 

10 30. A device according to claim 27, further comprising means (990) for transmit- 
ting to the mobile station a permission to send location information to the sender of 
the location information request, which means are arranged to transmit the permis- 
sion when there is said security association. 

31. A device according to claim 27, further comprising means for locating itself. 

15 32. A device according to claim 31, comprising a Global Positioning System re- 
ceiver. 

33. A mobile station (901), comprising 

- means for receiving a notification from a cellular network about a location infor- 
mation request, 

20 - means for responding to the cellular network with a notification response, and 

- means for notifying a packet data device, which is either an integral part of the 
mobile station or attached to the mobile station, about the location information re- 
quest. 

34. A mobile station according to claim 33, wherein the means for responding to 
25 the cellular network are arranged to be initiated by a permission sent by the packet 

data device. 



